With this configuration an OpenVPN 2.2.1 can connect to the server, instead with new andorid "OpenVPN Connect" it's not possible.
The profile and certificates files are in /sdcard/OpenVPN and when I import the profile the client return: "Error reading file referenced by profile: [inline] : cannot open: /sdcard/OpenVPN/[inline]"

Someone can help me?

P.S.: which version of OpenVPn is used in new andorid "OpenVPN Connect"?

Hi, I started to see the same isue, HMAC authentication seems to fail since the upgrade to the latest openvpn connect client (1.1.8) for ANDROID in combination with v2.2.2 on the server side. As soon as I disable tls-auth on the client and server, it works again...

The recommended tls-auth usage is to use "key-direction 0" on the server and "key-direction 1" on the client because that uses different tls-auth keys for the client -> server direction and server -> client direction (somewhat more secure), and it also works on all versions of OpenVPN.

If the server is using tls-auth without the key-direction parameter, such as "tls-auth ta.key"
it's a bit more problematic because then client-side unified profiles would need to have "key-direction bidirectional", however this directive will only be available on 1.0.1 (iOS) and 1.1.9 (Android), and is not currently implemented on the OpenVPN 2.x branch.

jamesyonan wrote:The recommended tls-auth usage is to use "key-direction 0" on the server and "key-direction 1" on the client because that uses different tls-auth keys for the client -> server direction and server -> client direction (somewhat more secure), and it also works on all versions of OpenVPN.

If the server is using tls-auth without the key-direction parameter, such as "tls-auth ta.key"
it's a bit more problematic because then client-side unified profiles would need to have "key-direction bidirectional", however this directive will only be available on 1.0.1 (iOS) and 1.1.9 (Android), and is not currently implemented on the OpenVPN 2.x branch.

Hi,
thanks for the reply.
There are possibilities that the directive will be implemented on the OpenVPN 2.x branch in the next future?